The sneakiest of cyber-attacks, phishing has grown in sophistication even as organizations work to tighten cybersecurity programs. Phishing attacks have always been an easy backdoor into an organization’s – or individual’s – network. With one click as you rush through daily emails, you can unleash malicious software into the system.
Phishing fools the best employees. Impersonation has become slick – emails look nearly identical to those you’d get from a bank, shipping service, or online retailer. Even government agencies get used to perpetuate the scam. Links or attachments that look benign, like receipts, tracking links or spreadsheets, contain nasty malware that can bring down a system and halt business operations until it’s contained.
6 Phishing-wary Best Practices
- Recognize the sender’s email address. Then stop. Look again, and don’t click on the link or open the attachment. If the topic seems even a hair out of character for the sender, it may be coming from a hacked account.
- Hover your cursor over the suspect link. If the heading says it’s from your bank but the web link that you see when you hover your cursor over the link doesn’t match, don’t click the link! It would be a good idea to report these scams to your bank or other legitimate sender you may communicate with.
- Don’t recognize the email address or sender? Definitely don’t click. And perhaps let your IT department know a strange email is in your Inbox.
- Weren’t expecting an email from this sender? Use the telephone! Yes, an old-fashioned call to verify that the email is legitimate could save your company a world of hurt.
- Pay close attention to emails directing you to websites that look just a little off. Fake sites often impersonate real ones.
- Update software security and anti-malware software when it’s released. Don’t swipe it off the screen or keep clicking “install later.” That’s the kind of procrastination cyber attackers count on.
- Backup data frequently, then test those backups. You want to know that a data restore action actually works. If it doesn’t, rethink your backup strategy.
Your best bet to combat phishing attacks? Workforce awareness. Much of the privacy and security training we provide is geared toward helping your workforce recognize phishing attacks, learn how everyday activities can compromise information security, and realize how their particular job function relates to overall cybersecurity, no matter what the position is.
Resource: OS OCR SecurityList, February 2018 Cybersecurity Newsletter: Phishing